fuzz_dcerpc_parse_binding: don't leak
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Sat, 17 Oct 2020 22:59:40 +0000 (11:59 +1300)
committerJeremy Allison <jra@samba.org>
Tue, 20 Oct 2020 02:26:40 +0000 (02:26 +0000)
Also, by not tallocing at all in the too-long case, we can short
circuit quicker.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184

lib/fuzzing/fuzz_dcerpc_parse_binding.c

index 5f1c68707ed1011f73e72344f5cffa4da2e7fc71..61df0c0670ef54b13fa211c03d1e0f82191f563a 100644 (file)
@@ -26,7 +26,7 @@ char buf[MAX_LENGTH + 1];
 
 int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
-       TALLOC_CTX *mem_ctx = talloc_new(NULL);
+       TALLOC_CTX *mem_ctx = NULL;
        struct dcerpc_binding *binding = NULL;
        struct dcerpc_binding *dup = NULL;
        struct epm_tower tower;
@@ -36,9 +36,11 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
        if (len > MAX_LENGTH) {
                return 0;
        }
+
        memcpy(buf, input, len);
        buf[len]  = '\0';
 
+       mem_ctx = talloc_new(NULL);
        status = dcerpc_parse_binding(mem_ctx, buf, &binding);
 
        if (! NT_STATUS_IS_OK(status)) {
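Review bot: The result of `talloc_new(NULL)` on the added line just before the `dcerpc_parse_binding()` call is used without a NULL check. If that allocation fails, which is plausible under a fuzzer memory limit, the parser receives a NULL context and whatever it allocates is parented to talloc's null context instead of `mem_ctx`, so a later free of `mem_ctx` presumably would not release it, which is the kind of leak this commit is meant to remove. I would add `if (mem_ctx == NULL) { return 0; }` directly after the allocation. The function body continues past the end of this hunk, so it is also worth confirming that the `!NT_STATUS_IS_OK(status)` path frees `mem_ctx` before returning.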